Ubiquiti Networks has issued a warning to customers to change their passwords after its security systems were breached by hackers.
In an email to customers, the networking equipment and internet of things (IoT) device vendor said it had become aware of unauthorised access to its systems hosted by a third-party cloud provider.
“We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed,” the email said.
Ubiquiti added that names, email addresses and a one-way encrypted password to customers’ accounts, which it says are hashed and salted, may have been exposed. The data may also include customers’ address and phone number if they had provided those to the vendor.
Ubiquiti account users are able to remotely access and manage their routers and devices from the web using the vendor’s portal account.ui.com.
The vendor was also forced to stress on a community message board that its email was genuine and not a phishing attempt after customers complained the email was “poorly worded”.
“We apologise for, and deeply regret, any inconvenience this may cause you,” the message board post added. “We take the security of your information very seriously and appreciate your continued trust.”
Ubiquiti is just one in a line of vendors hit by high profile hacking incidents in recent weeks, including FireEye and SolarWinds. The vendor was also one of several vendors to be targeted by the global VPNFilter malware campaign in 2018.